• NSA: Keeping PowerShell: Security Measures to Use and Embrace

    Home » Forums » Cyber Security Information and Advisories » Cyber Security for Business users » NSA: Keeping PowerShell: Security Measures to Use and Embrace

    Author
    Topic
    #2456604

    https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF

    Cybersecurity authorities from the United States, New Zealand, and the United Kingdom
    recommend proper configuration and monitoring of PowerShell, as opposed to
    removing or disabling PowerShell entirely. This will provide benefits from the security
    capabilities PowerShell can enable while reducing the likelihood of malicious actors
    using it undetected after gaining access into victim networks. The following
    recommendations will help defenders detect and prevent abuse by malicious cyber
    actors, while enabling legitimate use by administrators and defenders…

    The authors’ recommendations mitigate cyber threats without obstructing PowerShell’s
    functionality, which aligns to Microsoft’s guidance on maintaining operational…

    [Moderator edit] not new/active exploit, moved to CS for Business

    • This topic was modified 1 month, 1 week ago by Alex5723.
    • This topic was modified 1 month, 1 week ago by Paul T.
    2 users thanked author for this post.
    Viewing 0 reply threads
    Author
    Replies
    • #2456767

      Bottom like if you are concerned about attackers abusing PowerShell, deploy PowerShell 7 and enable auditing.

      Susan Bradley Patch Lady

      2 users thanked author for this post.
    Viewing 0 reply threads
    Reply To: NSA: Keeping PowerShell: Security Measures to Use and Embrace

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: